20201209

SdpUpdate PUP.Optional.FilesFrog.A

SdpUpdate?
PUP.Optional.FilesFrog.A
sdpupdater[1].exe
sdpupdater.exe

[External links]
https://realsound.jp/tech/2020/12/post-670176_2.html
Bug discovered that allowed eavesdropping on video and voice calls in Messenger: the current state of bounty programs

https://threatpost.com/facebook-messenger-bug-spying-android/161435/
In a normal scenario, audio from the person making the call would not be transmitted until the person on the other end accepts the call. This is rendered in the app by either not calling setLocalDescription until the person being called has clicked the “accept button,” or setting the audio and video media descriptions in the local Session Description Protocol (SDP) to inactive and updating them when the user clicks the button, Silvanovich explained.



“However, there is a message type that is not used for call set-up, SdpUpdate, that causes setLocalDescription to be called immediately,” she explained. “If this message is sent to the callee device while it is ringing, it will cause it to start transmitting audio immediately, which could allow an attacker to monitor the callee’s surroundings.”


https://www.bleepingcomputer.com/news/security/facebook-messenger-bug-allowed-android-users-to-spy-on-each-other/
Attackers could have exploited this bug by sending a special type of message known as SdpUpdate which would cause the call to connect to the callee's device before it was answered.
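
An added example, not from the original page or the quoted articles: a constructed JavaScript model of the callee-side gating described in the quotes above, with the flawed message dispatch next to a hardened one that drops SdpUpdate until the user accepts. MockPeer, Callee, the "Offer" message name and the state names are assumptions; only SdpUpdate and setLocalDescription come from the text.

```javascript
// Constructed model of a callee-side signaling handler; not Messenger's code.
// MockPeer stands in for RTCPeerConnection and only records whether
// setLocalDescription has run (per the quote, the step that starts audio).
class MockPeer {
  constructor() { this.localDescriptionSet = false; }
  setLocalDescription() { this.localDescriptionSet = true; }
}

class Callee {
  // hardened=false reproduces the flaw described above; true applies the gate.
  constructor(hardened) {
    this.hardened = hardened;
    this.state = "idle";          // idle -> ringing -> connected (assumed names)
    this.peer = new MockPeer();
    this.dropped = [];            // rejected messages, kept for logging/detection
  }
  // Messages from the remote party. "Offer" is a hypothetical name.
  onRemoteMessage(msg) {
    if (msg.type === "Offer" && this.state === "idle") {
      this.state = "ringing";     // ring only; no local description yet
    } else if (msg.type === "SdpUpdate") {
      if (this.hardened && this.state !== "connected") {
        this.dropped.push({ type: msg.type, state: this.state });
        return;                   // not valid before the user accepts
      }
      this.peer.setLocalDescription();
    }
  }
  // Local UI event: the user pressed the accept button.
  onUserAccept() {
    if (this.state !== "ringing") return;
    this.state = "connected";
    this.peer.setLocalDescription();
  }
}

// Replays a constructed message sequence (Offer, then SdpUpdate while ringing)
// and reports whether the local description was set before any accept.
function transmitsBeforeAccept(hardened) {
  const callee = new Callee(hardened);
  callee.onRemoteMessage({ type: "Offer" });
  callee.onRemoteMessage({ type: "SdpUpdate" });
  return { early: callee.peer.localDescriptionSet, dropped: callee.dropped.length, callee };
}
```

The hardened branch ties the remote message to local call state, so only the user's own accept action can move the callee into a state where setLocalDescription runs.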

http://webcache.googleusercontent.com/search?q=cache:Y31oI0f87X0J:akudaikan-0.bbs.fc2.com/%3Fact%3Dfold2%26mid%3D13284131+&cd=9&hl=ja&ct=clnk&gl=jp
C:\Users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7AR36RU\sdpupdater[1].exe (PUP.Optional.FilesFrog.A) -> 何の措置も取られませんでした。
C:\Users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JAO2DAE4\stubinst_pkg_ja[1].cab (PUP.Optional.OpenCandy) -> 何の措置も取られませんでした。

https://www.bleepingcomputer.com/forums/t/526638/audio-ads-on-every-web-page-upload-chrome-crashes/
C:\Users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94X5W510\sdpupdater[1].exe (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.
C:\Users\\AppData\Local\Temp\sdpupdater.exe (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.

